kernel_samsung_sm7125

jenna

History

Eric W. Biederman b9f75f45a6 netns: Don't receive new packets in a dead network namespace. Alexey Dobriyan <adobriyan@gmail.com> writes: > Subject: ICMP sockets destruction vs ICMP packets oops > After icmp_sk_exit() nuked ICMP sockets, we get an interrupt. > icmp_reply() wants ICMP socket. > > Steps to reproduce: > > launch shell in new netns > move real NIC to netns > setup routing > ping -i 0 > exit from shell > > BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 > IP: [<ffffffff803fce17>] icmp_sk+0x17/0x30 > PGD 17f3cd067 PUD 17f3ce067 PMD 0 > Oops: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC > CPU 0 > Modules linked in: usblp usbcore > Pid: 0, comm: swapper Not tainted 2.6.26-rc6-netns-ct #4 > RIP: 0010:[<ffffffff803fce17>] [<ffffffff803fce17>] icmp_sk+0x17/0x30 > RSP: 0018:ffffffff8057fc30 EFLAGS: 00010286 > RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff81017c7db900 > RDX: 0000000000000034 RSI: ffff81017c7db900 RDI: ffff81017dc41800 > RBP: ffffffff8057fc40 R08: 0000000000000001 R09: 000000000000a815 > R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8057fd28 > R13: ffffffff8057fd00 R14: ffff81017c7db938 R15: ffff81017dc41800 > FS: 0000000000000000(0000) GS:ffffffff80525000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b > CR2: 0000000000000000 CR3: 000000017fcda000 CR4: 00000000000006e0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > Process swapper (pid: 0, threadinfo ffffffff8053a000, task ffffffff804fa4a0) > Stack: 0000000000000000 ffff81017c7db900 ffffffff8057fcf0 ffffffff803fcfe4 > ffffffff804faa38 0000000000000246 0000000000005a40 0000000000000246 > 000000000001ffff ffff81017dd68dc0 0000000000005a40 0000000055342436 > Call Trace: > <IRQ> [<ffffffff803fcfe4>] icmp_reply+0x44/0x1e0 > [<ffffffff803d3a0a>] ? ip_route_input+0x23a/0x1360 > [<ffffffff803fd645>] icmp_echo+0x65/0x70 > [<ffffffff803fd300>] icmp_rcv+0x180/0x1b0 > [<ffffffff803d6d84>] ip_local_deliver+0xf4/0x1f0 > [<ffffffff803d71bb>] ip_rcv+0x33b/0x650 > [<ffffffff803bb16a>] netif_receive_skb+0x27a/0x340 > [<ffffffff803be57d>] process_backlog+0x9d/0x100 > [<ffffffff803bdd4d>] net_rx_action+0x18d/0x250 > [<ffffffff80237be5>] __do_softirq+0x75/0x100 > [<ffffffff8020c97c>] call_softirq+0x1c/0x30 > [<ffffffff8020f085>] do_softirq+0x65/0xa0 > [<ffffffff80237af7>] irq_exit+0x97/0xa0 > [<ffffffff8020f198>] do_IRQ+0xa8/0x130 > [<ffffffff80212ee0>] ? mwait_idle+0x0/0x60 > [<ffffffff8020bc46>] ret_from_intr+0x0/0xf > <EOI> [<ffffffff80212f2c>] ? mwait_idle+0x4c/0x60 > [<ffffffff80212f23>] ? mwait_idle+0x43/0x60 > [<ffffffff8020a217>] ? cpu_idle+0x57/0xa0 > [<ffffffff8040f380>] ? rest_init+0x70/0x80 > Code: 10 5b 41 5c 41 5d 41 5e c9 c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 53 > 48 83 ec 08 48 8b 9f 78 01 00 00 e8 2b c7 f1 ff 89 c0 <48> 8b 04 c3 48 83 c4 08 > 5b c9 c3 66 66 66 66 66 2e 0f 1f 84 00 > RIP [<ffffffff803fce17>] icmp_sk+0x17/0x30 > RSP <ffffffff8057fc30> > CR2: 0000000000000000 > ---[ end trace ea161157b76b33e8 ]--- > Kernel panic - not syncing: Aiee, killing interrupt handler! Receiving packets while we are cleaning up a network namespace is a racy proposition. It is possible when the packet arrives that we have removed some but not all of the state we need to fully process it. We have the choice of either playing wack-a-mole with the cleanup routines or simply dropping packets when we don't have a network namespace to handle them. Since the check looks inexpensive in netif_receive_skb let's just drop the incoming packets. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>		17 years ago
..
acpi	proper prototype for acpi_processor_tstate_has_changed()	17 years ago
asm-alpha	asm-{alpha,h8300,um,v850,xtensa}/param.h: unbreak HZ for userspace	17 years ago
asm-arm	[ARM] 5091/1: Add missing bitfield include to regs-lcd.h	17 years ago
asm-avr32	avr32: types: use <asm-generic/int-*.h> for the avr32 architecture	17 years ago
asm-blackfin	Blackfin Serial Driver: Clean up BF54x macro in blackfin UART driver.	17 years ago
asm-cris	cris: types: use <asm-generic/int-*.h> for the cris architecture	17 years ago
asm-frv	FRV: ip_fast_csum() requires a memory clobber on its inline asm	17 years ago
asm-generic	gpio: build fixes	17 years ago
asm-h8300	h8300: fix typo in header guard	17 years ago
asm-ia64	[IA64] Workaround for RSE issue	17 years ago
asm-m32r	asm-m32r/uaccess.h must #include <asm/setup.h>	17 years ago
asm-m68k	m68k: Add ext2_find_{first,next}_bit() for ext4	17 years ago
asm-m68knommu	m68knommu: rework definition of HZ	17 years ago
asm-mips	[MIPS] Fix typo in header guard	17 years ago
asm-mn10300	MN10300: Fix typo in header guard	17 years ago
asm-parisc	parisc: fix miscompilation of ip_fast_csum with gcc >= 4.3	17 years ago
asm-powerpc	KVM: ppc: Remove duplicate function	17 years ago
asm-ppc	[POWERPC] ppc: More compile fixes	17 years ago
asm-s390	[S390] Fix __ctl_load/__ctl_store inline assembly constraints	17 years ago
asm-sh	sh: fix miscompilation of ip_fast_csum with gcc >= 4.3	17 years ago
asm-sparc	sparc: remove CVS keywords	17 years ago
asm-sparc64	sparc64: IO accessors fix	17 years ago
asm-um	uml: activate_mm: remove the dead PF_BORROWED_MM check	17 years ago
asm-v850	v850: fix typo in header guard	17 years ago
asm-x86	x86: fix broken math-emu with lazy allocation of fpu area	17 years ago
asm-xtensa	asm-{alpha,h8300,um,v850,xtensa}/param.h: unbreak HZ for userspace	17 years ago
crypto	[CRYPTO] api: Fix scatterwalk_sg_chain	17 years ago
keys	…
linux	ipv6 sit: Avoid extra need for compat layer in PRL management.	17 years ago
math-emu	…
media	V4L/DVB (7911): Remove v4l2_video_std_fps prototype declaration	17 years ago
mtd	…
net	netns: Don't receive new packets in a dead network namespace.	17 years ago
pcmcia	…
rdma	IB/core: Remove IB_DEVICE_SEND_W_INV capability flag	17 years ago
rxrpc	…
scsi	Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6	17 years ago
sound	[ALSA] ac97 - Fix ASUS A9T laptop output	17 years ago
video	…
xen	…
Kbuild	…